Presenter Email
craigerj@erau.edu
Location
Jim W. Henderson Administration & Welcome Center (Bldg. #602)
Start Date
8-13-2018 3:15 PM
End Date
8-13-2018 4:15 PM
Submission Type
Presentation
Keywords
UAS, cybersecurity, information security, aviation security
Abstract
The FAA predicts that purchases of hobbyist small unmanned aerial systems (sUAS) will grow from 1.9 million in 2016 to 4.3 million by 2020, and commercial sUAS to increase from 600,000 in 2016 to 2.7 million by 2020. sUAS, often referred to as 'drones,' are comprised of aeronautical hardware, a CPU, RAM, onboard storage, radio frequency communications, sensors, a camera, and a controller used by the pilot-in-command (PIC). Some have argued that a sUAS is essentially a flying computer. As such, sUAS are sometimes susceptible to many of the types of attacks that are often used on PC-based computers attached to a computer network. Potential attacks on sUAS include de-authentication (i.e., 'terminating' the sUAS from the network); GPS spoofing (e.g., modifying or faking GPS coordinates); unauthorized access to the computer flight systems and onboard storage; jamming the communications channel; and contaminating the sUAS geofencing mechanism (allowing the sUAS to fly in a 'no-fly-zone'). The result of these types of attacks include: theft of the sUAS; flying the sUAS into no-fly zones; purposefully crashing the sUAS to cause damage to persons or equipment (including airplanes, crowds, etc.); and theft or adulteration of sensitive data (e.g., law enforcement surveillance data). The purpose of this paper is to apply a threat modeling approach to identify cyber-based vulnerabilities; potential attack vectors; commercial-off-the-shelf and "home-built" equipment required to effectuate attacks; cyber and kinetic ramifications of attacks; and mitigating strategies for protecting sUAS from cyber-attacks.
Presenter Biography
Dr. J. Philip Craiger is an Associate Professor of Cybersecurity in the Department of Security Studies and International Affairs. Philip previously served as Professor in the School of Engineering Technology at Daytona State College, where was the Principal Investigator of the $1.8 million NSF-funded Advanced Cyberforensics Education Consortium. From 2004-2010 he served a dual appointment at the University of Central Florida as the Assistant Director for Digital Evidence at the National Center for Forensic Science, and as an Assistant Professor in the Department of Engineering Technology. At UCF Philip was instrumental in developing the first Master of Science in Digital Forensics in the U.S. Philip started his career as an Associate Professor in the Department of Computer Science at the University of Nebraska at Omaha. He is a member of the American Academy of Forensic Sciences, and holds numerous professional certifications, including Certified Information Systems Security Practitioner (CISSP), and a Certified Cyber Forensics Practitioner (CCFP) from (ISC)2, SANS GIAC Computer Forensics Analyst, and an EC-Council Certified Ethical Hacker. His research and teaching interests include sUAS cybersecurity, and general aviation cybersecurity.
Dr. Craiger is a certified NAUI technical SCUBA instructor. He has hundreds of technical dives including cave diving in over 50 caves throughout the U.S. and Mexico, and several cave dives to 300 or more feet.
Original PowerPoint, Full-res
sUAS: Cybersecurity Threats, Vulnerabilities, and Exploits
Jim W. Henderson Administration & Welcome Center (Bldg. #602)
The FAA predicts that purchases of hobbyist small unmanned aerial systems (sUAS) will grow from 1.9 million in 2016 to 4.3 million by 2020, and commercial sUAS to increase from 600,000 in 2016 to 2.7 million by 2020. sUAS, often referred to as 'drones,' are comprised of aeronautical hardware, a CPU, RAM, onboard storage, radio frequency communications, sensors, a camera, and a controller used by the pilot-in-command (PIC). Some have argued that a sUAS is essentially a flying computer. As such, sUAS are sometimes susceptible to many of the types of attacks that are often used on PC-based computers attached to a computer network. Potential attacks on sUAS include de-authentication (i.e., 'terminating' the sUAS from the network); GPS spoofing (e.g., modifying or faking GPS coordinates); unauthorized access to the computer flight systems and onboard storage; jamming the communications channel; and contaminating the sUAS geofencing mechanism (allowing the sUAS to fly in a 'no-fly-zone'). The result of these types of attacks include: theft of the sUAS; flying the sUAS into no-fly zones; purposefully crashing the sUAS to cause damage to persons or equipment (including airplanes, crowds, etc.); and theft or adulteration of sensitive data (e.g., law enforcement surveillance data). The purpose of this paper is to apply a threat modeling approach to identify cyber-based vulnerabilities; potential attack vectors; commercial-off-the-shelf and "home-built" equipment required to effectuate attacks; cyber and kinetic ramifications of attacks; and mitigating strategies for protecting sUAS from cyber-attacks.
Comments
Presented during Session 3 (continued): UAS – Training and Implications for Pilots